diff options
author | Matt Caswell <matt@openssl.org> | 2018-12-04 08:37:04 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-12-05 10:55:04 +0000 |
commit | 0fb2815b873304d145ed00283454fc9f3bd35e6b (patch) | |
tree | 25e40e4f76270869ce4053ad2af0beb5ab7304bd /ssl/statem | |
parent | ed371b8cbac0d0349667558c061c1ae380cf75eb (diff) |
Fix some SSL_export_keying_material() issues
Fix some issues in tls13_hkdf_expand() which impact the above function
for TLSv1.3. In particular test that we can use the maximum label length
in TLSv1.3.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7755)
Diffstat (limited to 'ssl/statem')
-rw-r--r-- | ssl/statem/extensions.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_clnt.c | 2 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 63e61c6184..716d6d23e0 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c @@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart, /* Generate the binder key */ if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash, - hashsize, binderkey, hashsize)) { + hashsize, binderkey, hashsize, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 5a8f1163df..a0e495d8e8 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) PACKET_data(&nonce), PACKET_remaining(&nonce), s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index e7c11c4bea..a8e862ced5 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) tick_nonce, TICKET_NONCE_SIZE, s->session->master_key, - hashlen)) { + hashlen, 1)) { /* SSLfatal() already called */ goto err; } |